Firewall

On the Firewall page, you can configure traffic rules, block harmful access, and optimize your firewall security settings.

General Settings

In this section you can configure traffic routing, DNS settings, SSL/TLS configuration, and cache management to optimize website performance and security.

The following table describes fields and options in the General Settings section, including their definitions and usage instructions.

Field Value

Traffic Routing

  • Enable CDN — Select this option to route traffic via SiteLock’s Content Delivery Network (CDN) for improved load times.

  • Enable Firewall — Select this option to enable SiteLock’s firewall, which provides robust security rules to protect the website from threats.

  • Temporarily bypass SiteLock’s network — Select this option to temporarily disable routing through SiteLock’s network if needed.

DNS Settings (Informational)

  • Original DNS — Provides a snapshot of the DNS records at the time the product was purchased. It includes the original IP addresses before SiteLock’s service was configured.

  • SiteLock DNS — Shows the DNS changes necessary to configure the firewall.

SSL Configuration Status

  • SSL certificate on your server — Indicates whether an SSL certificate is detected on the server.

  • SSL certificate on the firewall — Indicates whether an SSL certificate is installed on the firewall.

  • Source of SSL certificate — Shows the source of the SSL certificate (for example Network).

  • Upload Certificate — Opens a pop-up to upload a certificate file, a private key file, and a passphrase for the certificate. Accepted file formats are .pem, .cer, .cert, or .pfx for certificates and .key for private keys. SiteLock only supports 2048-bit certificates, and a custom uploaded certificate should cover both the apex domain and the 'www' subdomain.

Site IP Address

  • Site IP Address — Displays the IP address to which traffic will be routed. This can be changed if necessary.

  • Change IP — Changes the IP address. Changes can take up to 10 minutes to take effect.

Purge Cache

  • Purge all cache — Clears all cached content, which can be useful if significant changes to the site have been made and the user wants to ensure visitors see the latest version.

  • Purge specific resource — Clears cache for specific files. When selected, additional options are presented in the list:

    • URL is — Purge cache for URLs that exactly match a specific string.

    • URL starts with — Purge cache for URLs that start with a specific string.

    • URL ends with — Purge cache for URLs that end with a specific string.

  • Value — Enter the specific URL or part of a URL that matches the selected pattern.

Functionality

  • Upload Certificate — Uploads a new SSL certificate.

  • Change IP — Updates the site IP address.

  • Purge Cache Now — Clears the cache based on the selected options.

Configure General Settings

  1. Navigate to Firewall > General Settings.

  2. Configure the settings as needed.

    • Traffic Routing — Enable or disable CDN and firewall, or temporarily bypass SiteLock’s network.

      1. Click Save Changes to apply any changes made.

    • DNS Settings — View original and SiteLock DNS records (informational only).

    • SSL Configuration Status — Check the status of SSL certificates on your server and firewall, and upload a new certificate if needed.

      1. Click Upload Certificate to upload a new SSL certificate.

      2. In the pop-up, upload the certificate file, private key file, and enter the passphrase if

    • Site IP Address — View and change the IP address where your website traffic is routed.

      1. Click Change IP to update the IP address.

      2. Enter the new IP address and click Save.

    • Purge Cache — Clear all cached content or specific resources to ensure visitors see the latest version of your site.

      1. Click Purge Cache Now to clear the cache based on the selected options.

Proactive Settings

In this section you can configure security settings related to blocking access from specific countries, URLs, and IP addresses to enhance website security.

The following table describes fields and options in the Proactive Settings section, including their definitions and usage instructions:

Field Value

Blocked Countries

  • Import CSV — Import a CSV file of countries to block. List the countries using 2-digit country codes.

  • Export CSV — Export the list of blocked countries to a CSV file.

  • You can also select countries from the list or start typing a country name and press Enter to select it.

Blocked URLs

  • Pattern — Select URL parameters from the list.

  • URL contains — Block URLs that contain a specific string.

  • URL does not contain — Block URLs that do not contain a specific string.

  • URL does not end with — Block URLs that do not end with a specific string.

  • URL does not start with — Block URLs that do not start with a specific string.

  • URL ends with — Block URLs that end with a specific string.

  • URL is — Block URLs that exactly match a specific string.

  • URL is not — Block URLs that do not exactly match a specific string.

  • URL starts with — Block URLs that start with a specific string.

  • Value — Enter the specific URL or part of a URL that matches the selected pattern.
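
A dry run of a Blocked URLs rule set against sample request paths, to catch a negative pattern ("does not ...") that would block most of the site. This is an added example, not SiteLock's code; it assumes case-sensitive matching on the request path and that a request is blocked when any rule matches, and the sample paths and rules are constructed.

```python
# Added example, not SiteLock code. Assumptions: matching is case-sensitive,
# applies to the request path, and a request is blocked if ANY rule matches.
PATTERNS = {
    "URL contains": lambda u, v: v in u,
    "URL does not contain": lambda u, v: v not in u,
    "URL does not end with": lambda u, v: not u.endswith(v),
    "URL does not start with": lambda u, v: not u.startswith(v),
    "URL ends with": lambda u, v: u.endswith(v),
    "URL is": lambda u, v: u == v,
    "URL is not": lambda u, v: u != v,
    "URL starts with": lambda u, v: u.startswith(v),
}


def dry_run(rules, urls, max_ratio=0.5):
    """Apply (pattern, value) rules to sample URLs.

    Returns (blocked_urls, overbroad_rules). A rule is over-broad when it
    alone matches more than max_ratio of the sample, which is the usual
    signature of a negative pattern chosen by mistake.
    """
    blocked, overbroad = set(), []
    for name, value in rules:
        if name not in PATTERNS:
            raise ValueError(f"unknown pattern: {name!r}")
        hits = {u for u in urls if PATTERNS[name](u, value)}
        blocked |= hits
        if urls and len(hits) / len(urls) > max_ratio:
            overbroad.append((name, value, len(hits)))
    return sorted(blocked), overbroad


# Constructed request paths, standing in for a sample from access logs.
SAMPLE_URLS = ["/", "/index.php", "/wp-login.php", "/wp-admin/", "/xmlrpc.php",
               "/blog/post-1", "/backup/site.sql", "/images/logo.png"]

# Constructed rules: two narrow ones and one negative rule added by mistake.
RULES = [("URL is", "/xmlrpc.php"),
         ("URL ends with", ".sql"),
         ("URL does not start with", "/wp-admin")]

if __name__ == "__main__":
    blocked, overbroad = dry_run(RULES, SAMPLE_URLS)
    print(f"{len(blocked)} of {len(SAMPLE_URLS)} sample URLs would be blocked")
    for name, value, count in overbroad:
        print(f"over-broad: {name} {value!r} matches {count} sample URLs")
```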

Blocked IPs

The IP addresses, ranges, or subnets to block.

Examples:

  • Single IP — 123.123.123.123

  • IP Range — 123.123.123.0-123.123.123.255

  • Subnet — 123.123.123.0/24

Whitelisted IPs

The IP addresses, ranges, or subnets to allow, overriding other blocking rules.
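
A pre-save check of the Blocked IPs and Whitelisted IPs lists: it parses the three entry forms shown above and reports addresses that must keep access but would be blocked. This is an added example, not SiteLock's code; it assumes IPv4 entries only and models the whitelist as overriding any block, and the sample lists are constructed from documentation address ranges.

```python
import ipaddress

# Added example, not SiteLock code. Assumption: entries are IPv4 in one of
# the three forms shown above, and a whitelist match overrides any block.


def parse_entry(entry):
    """Return (first, last) inclusive IPv4 bounds for one list entry."""
    entry = entry.strip()
    if "-" in entry:  # IP range: start-end
        lo, hi = (ipaddress.IPv4Address(p.strip()) for p in entry.split("-", 1))
        if lo > hi:
            raise ValueError(f"range start is after range end: {entry!r}")
        return lo, hi
    # Single IP or subnet; strict=True rejects host bits such as 10.0.0.5/24.
    net = ipaddress.IPv4Network(entry, strict=True)
    return net[0], net[-1]


def in_list(ip, entries):
    addr = ipaddress.IPv4Address(ip)
    return any(lo <= addr <= hi for lo, hi in map(parse_entry, entries))


def decision(ip, blocked, whitelisted):
    """'allow' if whitelisted, 'block' if only blocked, otherwise 'pass'."""
    if in_list(ip, whitelisted):
        return "allow"
    return "block" if in_list(ip, blocked) else "pass"


def locked_out(must_reach, blocked, whitelisted):
    """Addresses that must keep access but would be blocked by the lists."""
    return [ip for ip in must_reach if decision(ip, blocked, whitelisted) == "block"]


# Constructed lists using documentation address space (RFC 5737).
BLOCKED = ["198.51.100.7", "198.51.100.128-198.51.100.255", "203.0.113.0/24"]
WHITELISTED = ["203.0.113.10"]
MUST_REACH = ["203.0.113.10", "203.0.113.77", "192.0.2.8"]  # admins, monitoring

if __name__ == "__main__":
    for ip in MUST_REACH:
        print(ip, decision(ip, BLOCKED, WHITELISTED))
    print("would be locked out:", locked_out(MUST_REACH, BLOCKED, WHITELISTED))
```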

Configure Proactive Settings

  1. Navigate to Firewall > Proactive Settings.

  2. Configure the settings as needed.

    • Blocked Countries — Import, export or reset a list of countries to block, or select countries from a list.

      1. Click Save Changes to apply any changes made.

    • Blocked URLs — Add URL patterns to block specific URLs or parts of URLs.

      1. Click Add New URL, select a pattern, enter a value, and click the plus icon to add it to the list.

    • Blocked IPs — Specify IP addresses, ranges, or subnets to block.

      1. Enter the IP address, range, or subnet in the provided field.

      2. Click Save Changes to apply any changes made.

    • Whitelisted IPs — Specify IP addresses, ranges, or subnets to allow, overriding other blocking rules.

      1. Click Save Changes to apply any changes made.

Responsive Settings

In this section you can customize exceptions to the Firewall. For each category of threat, select the specific rules and exceptions to the rules.

The following table describes fields and options in the Responsive Settings section, including their definitions and usage instructions.

Field Action

Threat

Malicious Script Access Attempts:

  • Quarantine the script — Isolate the script to prevent it from executing.

  • Only track and report attempts — Monitor and log the attempts without taking any action.

  • Allow all bot visits — Permit all bots to access the server.

Bad or Suspended Bots:

  • Block bad bots, challenge suspected bots — Block known bad bots and display a CAPTCHA challenge to suspected bots.

  • Challenge all bad and suspected bots — Display a CAPTCHA challenge to both bad and suspected bots.

  • Block bad bots — Block access for known bad bots.

  • Allow all bot visits — Permit all bots to access the server.

Attempts, Cross-Site Scripting Attempts, Illegal Resource Access Attempts, Remote File Inclusions, SQL Injection:

  • Block just the attack — Block the specific attack attempt.

  • Block the attack, and all future visits by the same user agent — Block the attack and prevent future visits from the same user agent.

  • Block the attack, and all future visits from the same IP — Block the attack and prevent future visits from the same IP address.

  • Allow all bot visits — Permit all bots to access the server.

  • Only track and report attempts — Monitor and log the attempts without taking any action.

Configure Responsive Settings

  1. Navigate to Firewall > Responsive Settings.

  2. Configure the settings as needed.

    • Threat — Select the type of threat to configure rules for.

    • Action — Select the specific rules and exceptions to the rules for the selected threat.

  3. When you have selected the variables for the rules, click Add.

Performance

In this section you can configure caching and content delivery to improve website performance.

The following table describes fields and options in the Performance section, including their definitions and usage instructions.

Field Action

Purge Cache

  • Purge all cache — Clears all cached content, which can be useful if significant changes to the site have been made and the user wants to ensure visitors see the latest version.

  • Purge specific resource — Clears cache for specific files, allowing the user to update individual elements without affecting the entire site.

Advanced Caching

  • Always cache URLs — Cache specified URLs to improve load times. This is useful for static content that doesn’t change often.

  • Never cache URLs — Exclude specified URLs from being cached. This is useful for dynamic content that changes frequently.

Pattern

Select the pattern for the URL - applicable to both always cache URLs and never cache URLs.

  • Options:

    • URL contains — Cache or exclude URLs that contain a specific string.

    • URL does not contain — Cache or exclude URLs that do not contain a specific string.

    • URL does not end with — Cache or exclude URLs that do not end with a specific string.

    • URL does not start with — Cache or exclude URLs that do not start with a specific string.

    • URL ends with — Cache or exclude URLs that end with a specific string.

    • URL is — Cache or exclude URLs that exactly match a specific string.

    • URL is not — Cache or exclude URLs that do not exactly match a specific string.

    • URL starts with — Cache or exclude URLs that start with a specific string.

TTL Unit

Select the time-to-live unit for caching.

  • Options:

    • Seconds

    • Minutes

    • Hours

    • Days

    • Weeks

Cache Mode

Options:

  • Cache static and dynamic content — Cache both static (for example, images, CSS) and dynamic content (for example, HTML generated by a server).

  • Cache static content only — Cache only static content, which is less likely to change frequently.

  • Disable caching — Turn off caching entirely, which might be useful during development or troubleshooting.

Content Delivery Network (CDN)

Configure settings for content delivery to improve load times by serving content from servers closer to the visitor.

Auto Minify

Minify specific types of resources to reduce file size and improve load times.

  • Minify JavaScript — Remove unnecessary characters from JavaScript files.

  • Minify CSS — Remove unnecessary characters from CSS files.

  • Minify static HTML — Remove unnecessary characters from HTML files.

Image Compression

Options for compressing images to reduce file size and improve load times.

  • Compress PNG — Reduce the size of .png images.

  • Compress JPEG — Reduce the size of .jpeg images.

  • Aggressive compression — Apply more aggressive compression techniques to further reduce image size, potentially at the cost of some quality.

  • Progressive image rendering — Load images progressively, which can improve the perceived load time as images appear to load faster.

  • On the fly compression: Text files (JS, CSS, HTML) are gzipped before being transferred to reduce loading times.

Other Settings

  • TCP pre-pooling — Establish TCP connections in advance to reduce latency.

  • Comply with no-cache and max-age directives in client requests — Respect caching directives specified by the client.

  • Comply with Vary User-Agent — Cache different versions of content based on the user-agent header.

  • Use shortest caching duration in case of conflict — Select the shortest caching duration when there are conflicting cache settings.

  • Prefer last modified over ETag — Select the last modified header instead of ETag for cache validation.

  • Disable client-side caching — Prevent the client from caching content locally.

  • Also cache 3xx responses — Cache 301, 302, 303, 307 and 308 response headers containing the target URI. 3xx caching can only be triggered through HTTP response headers or caching rules.

Configure Performance Settings

  1. Navigate to Firewall > Performance.

  2. Configure the settings as needed.

    • Purge Cache — Clear all cached content or specific resources to ensure visitors see the latest version of your site.

      1. Click Purge Cache Now to clear the cache based on the selected options.

    • Advanced Caching — Set rules for always caching or never caching specific URLs.

    • Cache Mode — Choose what types of content to cache: static, dynamic, or disable caching.

      1. Click Save Changes to apply any changes made.

    • Content Delivery Network (CDN) — Configure settings for content delivery to improve load times by serving content from servers closer to the visitor.

    • Auto Minify — Minify specific types of resources to reduce file size and improve load times.

    • Image Compression — Options for compressing images to reduce file size and improve load times.

    • Other Settings — Additional performance-related settings.

      1. Click Save Changes to apply any changes made.

Authentication

In this section you can add an additional layer of security to specific pages or URLs, such as a WordPress admin page.

The following table describes fields and options in the Authentication section, including their definitions and usage instructions.

Field Action

Users

Define which users should have access to protected pages. Users defined here will be able to authenticate on the pages below by entering a code that is emailed or texted to the provided contacts.

  • Name — The full name of the user.

  • Email Address — Valid email address for the user.

  • Phone Number — Select the country code from the list of countries, then enter a valid phone number.

Pages/URL

Define which pages/URLs should be protected to only allow the above users to access the content.

  • Pattern — The list of URL patterns to select from.

    • URL contains — Protect URLs that contain a specific string.

    • URL does not contain — Protect URLs that do not contain a specific string.

    • URL does not end with — Protect URLs that do not end with a specific string.

    • URL does not start with — Protect URLs that do not start with a specific string.

    • URL ends with — Protect URLs that end with a specific string.

    • URL is — Protect URLs that exactly match a specific string.

    • URL is not — Protect URLs that do not exactly match a specific string.

    • URL starts with — Protect URLs that start with a specific string.

  • Value — The specific URL or part of a URL that matches the selected pattern.

Configure Authentication Settings

  1. Navigate to Firewall > Authentication.

  2. Configure the settings as needed.

    • Users — Define which users should have access to protected pages. Users defined here will be able to authenticate on the pages below by entering a code that is emailed or texted to the provided contacts.

      1. Click Add New User, enter the user’s name, email address, and phone number, then click the plus icon to add the user to the list.

    • Pages/URL — Define which pages/URLs should be protected to only allow the above users to access the content.

      1. Click Add New URL, select a pattern, enter a value, and click the plus icon to add it to the list.